What are the weaknesses of change-detection software?
Change detection has the highest probability of false alarms, since it will not know whether a change is viral or valid. (Additional thought put into the installation of change-detection software will go a long way to reducing the level of false-positive results. As always with security systems, there is a trade-off between the easy and the effective.) The addition of intelligent analysis of the changes detected may assist with this failing. Change-detection software provides no protection, but only after-the-fact notification of an infection. It is, therefore, quite possible to install an infected program on your system and have it continue to infect other programs. The subsequent infections will (or should) be detected, but the change-detection software will not identify the original culprit. (Deductive reasoning, along with the software’s assistance, though, may.) You must inform the software of any changes *you* make in the system; otherwise the change-detection software will gene